Does A 27-Second Video Showing How To 'Hack' The NYT Paywall Violate The DMCA?

from the it-certainly-might... dept

We've discussed many times just how easy it is to get around the NY Times' paywall. I've never run up against it because I don't have javascript enabled, and the whole system is javascript based. We have wondered, however, if doing this is technically a violation of the DMCA -- specifically the anti-circumvention clause. After all, I am circumventing technical protection measures. That I have javascript automatically turned off for all sites doesn't much matter.

Of course, now that the paywalls been out for a while, people are finding even more ways to get around the paywall, including merely removing the string at the end of the URL. This is so simple, that someone made a 27-second video showing people how to "hack" the NY Times paywall:

Of course, I'm wondering if just this video alone violates the DMCA's anti-circumvention clause. Section 1201 of the DMCA says (in part): "No person shall... offer to the public... any technology, product, service, device, component or part thereof, that is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title." Is putting up a video that shows an incredibly easy way to get around the NY Times protection measures a violation?

Reader Comments

Not only this.. but I've still got the iPhone app from before the switch to the pay model. I simply ignore the intermittent 'update required' screen and I still get access to all sections of the paper for free.

I don't think that turning off javascript would violate DMCA. My reasoning behind this is that you have a right to allow or deny any application that runs on your computer. Saying that turning javascript off would be like saying you can't run a personal firewall application b/c you can deny any applications access to the internet. Just seems stupid to me.

I almost feel sorry for the NYT. They didn't get what they paid for in this case. There are just so many things wrong with this model that it isn't even doomed to fail...it's just made of fail. It's like they are the QWOP athlete in the 100m dash.

However

Everyone pretty much knows that these laws are a joke written by big corporations. Even the government now seems to be realizing it and the corporations don't seem to be doing as much to go after those who violate them because doing such is not effective and only makes the corporations look like jerks. It's a PR nightmare for them.

What the government needs to do is pass a law that gives the corporations everything they want while making it the law that they do not look like jerks and that they are not jerks. That way no one would think of them as jerks every time they act like jerks and they can go on about acting like jerks without the negative PR involved.

Also, presidential elections are coming up somewhat soon and the government (and the courts) often pretends to act more consumer friendly around this time. After presidential elections are over, they will go back to acting like jerks again. It's why we need shorter election cycles.

Re:

(though I think, in addition, presidents should be allowed to stay in office for longer periods of time if they keep getting re - elected. Maybe 10 years in opposed to 8, with presidential election cycles every two years).

Finally I have legal protections from all the theives out there. Now every IP address that visits my bajillion popup window website and vandalizes my "sponsers" ads by not letting them load and steals my revenue can be targeted with a DMCA violation.

Re:

Whether or not it actually violates the DMCA, the video will get taken down when the relevant people notice it. That's just the way these things work. This action will prevent exactly 0 (zero) people from "hacking" the paywall.

Does it violate DMCA? It does. None of the actions inside of it, performed by an individual would be considered illegal (you can turn off javascript if you like good luck enjoying the last 20% of the internet that doesn't need it). However, showing people how to perform those acts *in context of this website* could be considered illegal.

More than anything, it shows the NYT firewall to be ineffective, and shows the video poster to by a whiny child who doesn't understand what it means when someone says "you are not welcome".

Re:

(you can turn off javascript if you like good luck enjoying the last 20% of the internet that doesn't need it)

A large majority of sites work just fine with Javascript disabled. In most cases, it's only used for ads and non-critical, incidental things, like the voting buttons on posts here, or hiding posts that have been flagged as spam.

In most cases, turning it off makes the page load much faster. And in a few cases, disabling it will get rid of annoying "features", like the IMDb's auto-complete suggestions for the search box, which sends you to the last thing the mouse touched, rather than what you typed.

Re:

This reminds me of the time years ago, when I discovered that a subscription based adult site's only protection was that non-members weren't shown the URL to the paid content. The samples on the front page were linked to files in the members section, so it was a simple matter to copy the URL and delete the filename in order to access the raw directory listing. At which point, you had access to anything on the site for free. :)

Re: Re:

The problem here is that with how much time money and work going into those elections, when would the president actually get the time to do his job if he gets one year (adjustment period) and then one more year where hes only working half the time and campaigning the other half.

Re:

JavaScript has been abused far beyond its original intention. It is used as a malware vector and as a means to track web usage.

Anybody who makes a site that breaks with JavaScript disabled has no business designing anything for the web. I use JavaScript (with jQuery) and every site I've ever developed gracefully degrades if JavaScript is disabled with a friendly banner informing the user that for the full experience it should be disabled as well as a link to a page describing what the script does and does not do. And that is how you do it right.

This! A million times this! I'm all for helping to support sites and I do turn AdBlock off for Techdirt. But for the love of all that is holy, do we need all these idiotic widgets? Using Firebug (a must have for any developer) you'll find that the page size is 758 KB (for this article as of 8:18 PST) and the page load time is 24.14 seconds. This is completely unacceptable and the reason why Techdirt has JavaScript all but disabled on my browser.

Re: Re: Re:

You're splitting hairs. I doubt any court would find your argument convincing. By the same token, I could legally bypass the DRM on video games and movies I have purchased by saying I simply declined to run the code that enforced the control. In some cases this can be done with the same ease as disabling javascript. Selectively bypassing parts of a package when those parts have been designed to restrict access to parts of that package is precisely what the DMCA disallows.

You're also making an artificial distinction between "running the code to crack something" and "declining to run something". Disabling javascript runs code that alters the flow of your browser. "Running a hack" could be as simple as a few instructions to set EAX to 0 at one point. You think that you are "running code" in one instance, and "not running code" in another, but that's not correct. And if your distinction were correct, it would still be irrelevant because the US courts haven't recognized such distinctions as relevant.

Re: Re: Re:

You should not be allowed to use any money to run for president. The president should stand on his or her two feet alone. Why not hold a series of debates/ conferences where anyone who wanted to be (and qualified to be) president could join the conversation? This would level the playing field and allow the person with the best ideas and character to be elected versus the person with the most $$$.

Techdirt has at least 13 sites running about 36 scripts,

by my quick count. Then, if finds the noscript extension, still rats you out to be counted by "b.scorecardresearch.com". (I've long had the latter in my hosts file.) So while /appearing/ to be a libertarian, Mike is in fact a /commercialist/; I don't find that either honest or in the long term interest of maintaining freedom. He sells himself -- and YOU too if you let him -- every day.

If only to deny these commercial entities information that they -- or some /national/ spy agency -- will eventually use against you, everyone should use Noscript and a hosts file. It's not merely that you've nothing to hide, it's just plain none of their business. They're only /looking/ for ways to annoy you at best, and the possibilites of /doing evil/ are enormous. By selling your personal data to whoever (last I heard Google gets $25 for it), they get around what's left of the 4th amendment. -- And most are again saying so what? Well, the full explanation is in Orwell's "1984". The goal is to spy on everyone /all/ the time, because that's what gov'ts /like/ to do, and along with bank and credit card reporting, it means TOTAL CONTROL. -- Just say no now while you still can.

As for sites that require javascript, with Noscript it takes only right click and allow. -- BUT there's a poison pill even in Noscript, as it comes set to allow the worst offenders access on every site: you should remove its entire white list.

Re:

First ammendment

I think the bigger issue here is that the DMCA blatantly violates the First Amendment. It's sort of like the law restricting the export of encryption software, but if you print the algorithm on a T-shirt you can walk across the US/Canada border with no problem while wearing it.

Re: Re: Re: Re:

The difference is that Javascript is a (default) add-on to your browser, one which you may choose not to engage. And good luck finding a browser that doesn't already have it as part of it (now, what happens if you code a browser without Javascript?) That's not the same as installing/downloading/actively actioning a program that removes/suppresses existing DRM.

Re:

Re:

You were doing so well right up until the whiny childish comment about the video poster.

If the NYT really means "you are not welcome on my lawn" it should put up a decent fence and gate, not a pathetic little sign that can only be seen from one direction, and which is hidden behind the hotdog and lemonade concession.

Re: Re: Re: Re:

If some website uses javascript to enforce their "viewing protection" but you can still view the pages without JavaScript, that is a fail on their part, not on yours. Otherwise the NoScript add-on in Firefox is in violation of the DMCA (as it allows selective running or disallowing of various javascripts) and is a circumvention device and must be taken down (can't wait for DHS and ICE to seize their domain).

Next, it will be illegal to block ads because of the advertisers First Amendment rights being violated, and the AdBlock plugin will have to go. That will known as the day the internet died.

I set the browser to delete cookies on close and have never had a problem accessing as much of the NYTs as I want. Is deleting cookies a violation of the DMCA?

Probably.

But all these IP and supposed 'protection' laws being put in are just to make sure we are ALL guilty of something - all the time. It's the only easy way to run a police state, like our 'leaders' endeavor to do.

Re: Would you trust them with your credit cards?

Like most businesses, they don't really think computer security has much ROI, so why would they spend money on it? Having been in IT for over 40 years, I think I can speak with some authority on this. The pointy-haired boss is the norm, and the exceptions to that are rare, and they are usually hunted down and punished or laid off for having the temerity to suggest that spending funds on anything that does not produce immediate and huge profit is foolish and shows poor business sense. Plus, it has a negative impact on the executive bonus pool.

Re: Would you trust them with your credit cards?

Like most businesses, they don't really think computer security has much ROI, so why would they spend money on it? Having been in IT for over 40 years, I think I can speak with some authority on this. The pointy-haired boss is the norm, and the exceptions to that are rare, and they are usually hunted down and punished or laid off for having the temerity to suggest that spending funds on anything that does not produce immediate and huge profit is foolish and shows poor business sense. Plus, it has a negative impact on the executive bonus pool.

Re:

You should not be allowed to use any money to run for president. The president should stand on his or her two feet alone. Why not hold a series of debates/ conferences where anyone who wanted to be (and qualified to be) president could join the conversation? This would level the playing field and allow the person with the best ideas and character to be elected versus the person with the most $$$.

The BIG problem is that politicians give grants and tax-exemptions to various organizations and companies. Then those SAME organizations/companies turn around and *fund their campaigns*.

It's basically just money laundering, but since they are 'good organizations' with their parasitic politicians protecting them, the justice department could care less.

So much for the 'rule of law' in the formerly United States of America - now known as the Tyrannical States of America, or TSA for short.

Re: Techdirt has at least 13 sites running about 36 scripts,

"So while /appearing/ to be a libertarian, Mike is in fact a /commercialist/; I don't find that either honest or in the long term interest of maintaining freedom. He sells himself -- and YOU too if you let him -- every day."

I, for one, am glad that Mike makes enough money (off of me and other techdirt readers) to keep this site going. Keep up the good work Mike!

As for you, if you don't like it, don't visit the site. You won't be missed.

Re:

Actually that is not correct.

Javascript is what is classified as a client side application. ie: It ONLY runs on the viewing computer after the server has sent a request to it to do something.

It is run at the whim of the owner of the client, NOT at the request or legal ability of the owner of the server. In fact the servers owner has no legal obligation to make you use it to visit their site since if they do force you under the duress of quoting the DMCA or other torts they very much could be liable under the criminal sanctions of the Computer Fraud and Abuse Act.

Whether yourself or the NYT like it or not it is the owner of the computer who states what is run or not on their own system, and more specifically what has authority to access or not.

I can guarantee you (since this has happened once) if some organisation tries to access or run some programme/script on my computer which I have not given them the legal authority to, then that organisation will be in for a very nasty shock when criminal warrants are served on them.

As for this video, It shows people how to legally disallow authority to the NYT on their system and therefore is not showing circumvention of anything, especially when circumvention implies the bypassing of something fully controlled by someone else, in this case the NYT, which is incorrect.

Re: First ammendment

"No person shall... offer to the public... any technology, product, service, device, component or part thereof, that is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title."

My interpretation is that "products" and the rest would not include speech as clearly would be a website.